News & Commentary

Content tagged with Compliance posted in October 2008
FTC Pushes Back 'Red Flag' Deadline
Quick Hits  |  10/24/2008
Companies have another six months to develop identity theft prevention programs
Tech Insight: Digital Forensics & Incident Response Go Live
News  |  10/24/2008
New tools, methods emerge for leveraging forensic data and memory analysis in the wake of an attack
Microsoft Blue Hat: Researcher Demos No-Hack Attack
News  |  10/21/2008
Wealth of available online data on individuals, businesses can be used in targeted attacks
Making ID & Access Management More Accessible
News  |  10/20/2008
New tools automate, simplify the access certification process
When Dates Attack
Quick Hits  |  10/20/2008
Dating 'alert' sites allow women to put an 'ex' on trial without rebuttal
SSL VPN Secures iPhone, Extranet Sessions
News  |  10/17/2008
Silicon Valley startup gets more mileage out of its VPN
Inspector General Report: Two IRS Applications Leave Taxpayer Data at Risk
News  |  10/16/2008
IRS knowingly rolled out systems that contained security vulnerabilities
Users Know Security Policy & Break It Anyway, Study Says
Quick Hits  |  10/15/2008
Many users feel they need to work around company security rules, according to RSA research
Stolen eBay Account Booty Found
Quick Hits  |  10/13/2008
Over 5,000 pilfered accounts - mostly from newly registered, less active eBay user accounts
World Bank Hacked, Sensitive Data Exposed
News  |  10/10/2008
Hacked Web servers, a stolen administrative account, and a lot of unanswered questions
The Six Most Promising Security Startups of 2008
News  |  10/10/2008
Judges unveil six finalists in the annual Global Security Challenge
Free Tool Hacks Banking, Webmail, and Social Networking Sessions
News  |  10/6/2008
Man-in-the-middle attack tool automates hacks for non-Web security experts
Deutsche Telekom & T-Mobile Confirm Theft of Personal Data on 17M Customers
News  |  10/6/2008
Data stolen in 2006 is already in use by criminals, reports say
'Super Users' Could Threaten Database Security, Study Says
Quick Hits  |  10/1/2008
Survey by Independent Oracle Users Group says most database administrators haven't implemented proper defenses
IBM Takes On Retail Crime
News  |  10/1/2008
New package of integrated products and services offered as alternative to current mishmash of in-store security technology

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to inadequate escaping leading to an XSS vulnerability in the search module. To be exploitable, a user has to write or paste malicious content into the search dialogue.